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Data processing device, in particular an electronic memory component, and encryption 
method related thereto 



The present invention relates to a data processing device, in particular an 
electronic memory component, comprising a plurality of access-secured sub-areas, in 
particular a plurality of access-secured memory areas, each having at least one assigned 
parameter (a„, a n _i,.„, & u ao), in particular address. 

The present invention further relates to a method of encrypting at least one 
parameter (a„, a„.i,..., a u ao), in particular the address, of at least one access-secured sub-area, 
in particular at least one access-secured memory area, of at least one data processing device, 
in particular at least one electronic memory component. 

In known methods of encrypting confidential data, such as for instance 
personal data, key data or otherwise sensitive data, a non-volatile memory unit can only be 
encrypted as a compact physical overall memory in a more or less fixed manner; this means, 
in other words, that access can only conventionally be denied to memories in their entirety. 

This method, known from the prior art, of encrypting entire Integrated] 
C[ircuit] areas is considered disadvantageous in view of the high cost associated therewith 
together with its technical complexity and lack of flexibility. For this reason, attempts are 
constantly being made to develop alternative methods of encrypting access-secured memory 
areas or other sub-areas. 

If, for instance, to control a memory of the size M = 2 { = 2 n+1 with i = n+1 
address buses precisely these address buses are encrypted over the entire address space, 
modification of one address bus would have the possible effect of modifying a plurality of 
address buses, indeed even those address buses which ensure that a physically remote 
memory cell is addressed. 

This is not sensible for a number of a memory types, including in particular 
memories which are organized into areas, such as Erasable] Programmable] R[ead] 
0[nly]M[emory], E[lectrically]E[rasable]P[rogrammable] R[ead]0[nly]M[emory] or Flash 
memory. Separation of the address buses into a number of areas and subsequent independent 
encryption of each of the individual areas is inadequate, however, with regard to security. 
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Taking as basis the above-described disadvantages and shortcomings and 
acknowledging the outlined prior art, it is an object of the present invention so to develop a 
data processing device, in particular an electronic memory component, of the above- 
mentioned type together with an encryption method related thereto, that on the one hand the 
security of such devices is increased considerably and on the other hand the expense 
associated therewith and the technical complexity are not too great. 

This object is achieved with a data processing device, in particular an 
electronic memory component of non-volatile nature, having the features indicated in claim 1 
and by an encryption method related thereto having the features indicated in claim 6. 
Advantageous embodiments and expedient further embodiments of the present invention are 
identified in the respective dependent claims. 

According to the teaching of the present invention, therefore, a completely 
novel approach to area-wise encryption of memory contents is provided, i.e. a new method is 
disclosed for encrypting access-secured memory sectors of non-volatile nature and/or other 
sub-sectors. 

To this end, the present invention allows parts of the (address) parameters of 
the memory areas to be encrypted in different ways with regard to the object and/or with 
regard to the customer and/or with regard to the "die". This means, in other words, that some 
sub-areas or sectors of the address do not affect all the addresses, unlike in the prior art. 

According to the invention, therefore, encryption of one access-secured sub- 
area, in particular an access-secured memory area, is performed while taking account of the 
other respectively available sub-areas, in particular memory areas. This makes it possible to 
encrypt each sub-area with in each case different parameters. 

According to a preferred embodiment of the present invention, an unencrypted 
address of the form a n , a^i,..., ai, ao may take the following appearance, in accordance with 
the above-described encryption method: f 2 (a n ), f2(fi(a n )+a n _0, f 3 (f 2 (fi(a n )+a n . l )+ a„. 2 ),.., 
fn+i(fn(f n -i(...)))> an unencrypted address of the form a n , a n .i,..., ai, ao may be mapped onto 
i = n+1 (scramble) functions fj. 

In this context, it is obvious that although variation of the parameter a^ in 
particular of the address parameter, may influence all the other address buses, variation of the 
parameter a n -i does not have any influence on the most significant function fi(an). 

It is expedient for fi(a) to be any desired one-to-one function, i.e. there are 
precisely 2 1 plain/cipher pairs, wherein an unencrypted address a n , a n .i,..., a u ao is always 
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transformed into a unique encrypted address a* n , a' n -i,..., &\, a' 0 . On the other hand, the 
function fj itself does not have to be bijective, i.e. it does not have to be reversible. 

In an advantageous further embodiment of the present invention, not all stages 
have to be fully performed, i.e. some functions may directly reproduce the relevant address 
bit: a' = a. Alternatively or in addition thereto, the address buses may also be grouped; this 
may appropriately mean, inter alia, that the inputs to the functions f and the return values 
from the functions f| may be several bits wide. 

In an advantageous embodiment of the present invention, 

- for EPROM memories or for EEPROM memories division into two sub- 
areas with functions fi(a n ,..., a x ) and f 2 (fi(a x .i,..., ao)) is useful and 

- for flash memories division into three sub-areas with functions fi(a„,..., a x ), 
f2(fi(a x -i,..., a y )) and f 3 (f 2 (fi(a y .,,..., ao))) is useful. 

According to a particularly inventive further embodiment, access-secured 
memory areas may be separately secured, i.e. boundary conditions which require a physical 
memory are fully utilized by the new method (the wide variety of encryptions is here limited 
only insignificantly). 

The present invention further relates to a microcontroller, in particular a smart 
card controller, comprising at least one data processing device of the above-described type. 
Accordingly, the above-described method may preferably be built into all smart card designs, 
for example. 

The present invention finally relates to the use of at least one data processing 
device, in particular at least one electronic memory component, of the above-described type 
in at least one chip unit, in particular in at least one smart card controller, in at least one 
reader Integrated] C[ircuif] or in at least one crypto chipset, for example in the field of audio 
and/or video encryption. 



As already discussed above, there are various possible ways of advantageously 
embodying and developing the teaching of the present invention. Reference is made, in this 
regard, to the claims subordinate to claims 1 and 6, and the invention will be further 
described with reference to examples of embodiments shown in the drawings to which, 
however, the invention is not restricted. In the Figures: 
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Fig. 1 is a schematic block diagram of an example of embodiment of the 
encryption method according to the present invention applied to a data processing device 
according to the present invention. 



The encryption method according to the present invention for application in an 
electronic memory component is based on the idea of encrypting unencrypted addresses a n , 
a n .,,..., ai, ao of an access-secured memory area only in certain areas, i.e. in dependence on 
one or more further memory areas, such that encrypted addresses a' n , a' n .,,..., a',, a' 0 are 
formed. 

To this end, i = n+1 one-to-one (~>2 j = 2 n+1 plain/cipher-pairs) scramble 
functions f,, f 2 ,..., f n , f^, are provided, such that, after mapping, the unencrypted addresses of 
the form a n , a n . 1} ..., a u ao have the following appearance when encrypted by the functions fi 
(c.f. Fig. 1): 

fi(a n ), f2(fi(a„)+a n . 1 ), f 3 (f 2 (f 1 (a„)+a n . 1 )+a n .2),... 9 f„ +I (f„(f„-i(...))) 

This makes it possible to encrypt each sub-area with in each case different 

parameters. 

In this context, it is obvious that although variation of the addresses a„, a„. u ..., 
a,, ao may influence all the other address buses, variation of the parameter a,,., does not have 
any influence on the most significant function fi(a„). 

As an alternative to that illustrated in Fig. 1, not all i = n+1 stages have to be 
fully performed, i.e. some functions £ may also directly reproduce the relevant address bit: a' 
= a. 

Furthermore, the address buses may also be grouped; this may mean, inter alia, 
that the inputs to the functions fj and the return values from the functions f s maybe several 
bits wide. 
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ao 


first unencrypted address 


ai 


second unencrypted address 


a n -i 


n ft unencrypted address 




n+l m unencrypted address 


a'o 


first encrypted address 


a', 


second encrypted address 


a'n-i 


n* encrypted address 


a'„ 


n+l th encrypted address 


ft 


first function, in particular first scramble function 


f 2 


second function, in particular second scramble function 


fn 


n th function, in particular n th scramble function 




n+l* function, in particular n+l* scramble function 



